Mikrotik Attribute problem
Ryan De Kock
ryandekock1988 at gmail.com
Tue Apr 8 13:16:13 CEST 2014
Hi.
I was running freeradius v2.1.12 on Fedora and have changed over to CentOS
now (also v2.1.12).
All of a sudden I am having issues where my attribute Mikrotik-Total-Limit
is no longer being sent to the Mikrotik with access-reply.
This is the radius -X excerpt
...
Found Auth-Type = PERL
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PERL {...}
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair WISPr-Logoff-URL = http://X.X.X.X/logout
rlm_perl: Added pair Acct-Session-Id = 807008e4
rlm_perl: Added pair Service-Type = Login-User
rlm_perl: Added pair Called-Station-Id = MYID
rlm_perl: Added pair Calling-Station-Id = 94:CE:2C:87:8A:84
rlm_perl: Added pair User-Name = 94:CE:2C:87:8A:84
rlm_perl: Added pair NAS-Identifier = NASNAME
rlm_perl: Added pair User-Password = password
rlm_perl: Added pair Mikrotik-Host-IP = X.X.X.X
rlm_perl: Added pair Framed-IP-Address = X.X.X.X
rlm_perl: Added pair NAS-IP-Address = X.X.X.X
rlm_perl: Added pair NAS-Port = 2154825956
rlm_perl: Added pair NAS-Port-Id = ether3 - Rooms
rlm_perl: ERROR: Failed to create pair Mikrotik-Total-Limit = 209715200
rlm_perl: Added pair Cleartext-Password = password
rlm_perl: Added pair databank = 209715200
rlm_perl: Added pair Auth-Type = PERL
++[perl] returns ok
...
Because of that the user is no longer being limited by total data usage.
It looks as if the dictionary file location has been changed BUT here is
the working dictionary
Working server:
[root at localhost ~]# cat /usr/share/freeradius/dictionary.mikrotik
# -*- text -*-
# http://www.mikrotik.com
#
# http://www.mikrotik.com/documentation//manual_2.9/dictionary
#
# Do NOT follow their instructions and replace the dictionary
# in /etc/raddb with the one that they supply. It is NOT necessary.
#
# On top of that, the sample dictionary file they provide
# DOES NOT WORK. Do NOT use it.
#
# $Id$
#
VENDOR Mikrotik 14988
BEGIN-VENDOR Mikrotik
ATTRIBUTE Mikrotik-Recv-Limit 1 integer
ATTRIBUTE Mikrotik-Xmit-Limit 2 integer
# this attribute is unused
ATTRIBUTE Mikrotik-Group 3 string
ATTRIBUTE Mikrotik-Wireless-Forward 4 integer
ATTRIBUTE Mikrotik-Wireless-Skip-Dot1x 5 integer
ATTRIBUTE Mikrotik-Wireless-Enc-Algo 6 integer
ATTRIBUTE Mikrotik-Wireless-Enc-Key 7 string
ATTRIBUTE Mikrotik-Rate-Limit 8 string
ATTRIBUTE Mikrotik-Realm 9 string
ATTRIBUTE Mikrotik-Host-IP 10 ipaddr
ATTRIBUTE Mikrotik-Mark-Id 11 string
ATTRIBUTE Mikrotik-Advertise-URL 12 string
ATTRIBUTE Mikrotik-Advertise-Interval 13 integer
ATTRIBUTE Mikrotik-Recv-Limit-Gigawords 14 integer
ATTRIBUTE Mikrotik-Xmit-Limit-Gigawords 15 integer
ATTRIBUTE Mikrotik-Total-Limit 17 integer
ATTRIBUTE Mikrotik-Total-Limit-Gigawords 18 integer
# MikroTik Values
VALUE Mikrotik-Wireless-Enc-Algo No-encryption 0
VALUE Mikrotik-Wireless-Enc-Algo 40-bit-WEP 1
VALUE Mikrotik-Wireless-Enc-Algo 104-bit-WEP 2
END-VENDOR Mikrotik
Not working server:
# cat /usr/local/share/freeradius/dictionary.mikrotik
# MikroTik vendor specific dictionary
# Copyright (C) MikroTikls, SIA
#
# You may freely redistribute and use this software or any part of it in
source
# and/or binary forms, with or without modification for any purposes without
# limitations, provided that you respect the following statement:
#
# This software is provided 'AS IS' without a warranty of any kind,
expressed or
# implied, including, but not limited to, the implied warranty of
# merchantability and fitness for a particular purpose. In no event shall
# MikroTikls SIA be liable for direct or indirect, incidental,
consequential or
# other damages that may result from the use of this software, including,
but
# not limited to, loss of data, time and (or) profits.
#
# $Id: dictionary.mikrotik,v 1.7 2011/11/25 08:00:00 normis Exp $
#
# MikroTik Attributes
VENDOR Mikrotik 14988
BEGIN-VENDOR Mikrotik
ATTRIBUTE Mikrotik-Recv-Limit 1 integer
ATTRIBUTE Mikrotik-Xmit-Limit 2 integer
ATTRIBUTE Mikrotik-Group 3 string
ATTRIBUTE Mikrotik-Wireless-Forward 4 integer
ATTRIBUTE Mikrotik-Wireless-Skip-Dot1x 5 integer
ATTRIBUTE Mikrotik-Wireless-Enc-Algo 6 integer
ATTRIBUTE Mikrotik-Wireless-Enc-Key 7 string
ATTRIBUTE Mikrotik-Rate-Limit 8 string
ATTRIBUTE Mikrotik-Realm 9 string
ATTRIBUTE Mikrotik-Host-IP 10 ipaddr
ATTRIBUTE Mikrotik-Mark-Id 11 string
ATTRIBUTE Mikrotik-Advertise-URL 12 string
ATTRIBUTE Mikrotik-Advertise-Interval 13 integer
ATTRIBUTE Mikrotik-Recv-Limit-Gigawords 14 integer
ATTRIBUTE Mikrotik-Xmit-Limit-Gigawords 15 integer
ATTRIBUTE Mikrotik-Wireless-PSK 16 string
ATTRIBUTE Mikrotik-Total-Limit 17 integer
ATTRIBUTE Mikrotik-Total-Limit-Gigawords 18 integer
ATTRIBUTE Mikrotik-Address-List 19 string
ATTRIBUTE Mikrotik-Wireless-MPKey 20 string
ATTRIBUTE Mikrotik-Wireless-Comment 21 string
ATTRIBUTE Mikrotik-Delegated-IPv6-Pool 22 string
# MikroTik Values
VALUE Mikrotik-Wireless-Enc-Algo
No-encryption 0
VALUE Mikrotik-Wireless-Enc-Algo
40-bit-WEP 1
VALUE Mikrotik-Wireless-Enc-Algo
104-bit-WEP 2
VALUE Mikrotik-Wireless-Enc-Algo
AES-CCM 3
VALUE Mikrotik-Wireless-Enc-Algo
TKIP 4
END-VENDOR Mikrotik
What i have noticed is that if I add "ATTRIBUTE
Mikrotik-Total-Limit 17 integer" to the
/usr/local/etc/raddb/dictionary file then freeradius says that it sends the
attribute however the Mikrotik complains that its incorrect.
Have I missed something? I have checked that
"/usr/local/share/freeradius/dictionary.mikrotik" is included in
/usr/local/share/freeradius/dictionary.
any advice would be great
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140408/ab4709dd/attachment-0001.html>
More information about the Freeradius-Users
mailing list